Information Security News
Prosecutors say they have unearthed forensic evidence showing how a former computer security official for a state lottery association rigged drawings worth millions of dollars across five states using unauthorized code that tampered with the random number generator used to pick winning tickets.
Eddie Raymond Tipton was charged last April and eventually convicted. Prosecutors said the man used his position as information security director of the Multi-State Lottery Association to access a room that housed the random number generator. But until recently, they weren't able to prove exactly how Tipton went about modifying the code so it produced predictable outputs that could be used to pick winning tickets.
According to an article published by the Associated Press, here's how it worked:
Some Tuesday morning listeners of KIFT, a Top 40 radio station located in Breckenridge, Colorado, were treated to a radically different programming menu than they were used to. Instead of the normal fare from Taylor Swift, The Chainsmokers, or other pop stars, a hack by an unknown party caused one of the station's signals to broadcast a sexually explicit podcast related to the erotic attraction to furry characters. The unauthorized broadcast lasted for about 90 minutes.
KIFT wasn't the only station to be hit by the hack. On the same day, Livingston, Texas-based country music station KXAX also broadcast raunchy furry-themed audio. And according to an article posted Wednesday by radio industry news site RadioInsight.com, the unauthorized broadcasts from a hobbyist group called FurCast were also forced on an unnamed station in Denver and an unidentified national syndicator.
"All in all the FurCast aired for an hour, possibly two," Jason Mclelland, owner and general manager of the KXAX Radio Group, wrote in an e-mail. "During that time they talked about sex with two guys and a girl in explicit details and rambled on with vulgar language not really having much of a point to the podcast. I'm assuming there was no real reason for this hack."
"Nobody" may be wording it a bit strong. But adoption of these security features is certainly not taking off. If you can think of any features I forgot, please comment:
That is probably my favorite issue. DNSSEC fixes one of the most important protocols. Without it, spoofing is always possible, and in some cases not even terribly hard. I think there are a number of reasons it is not implemented:
So in short: high risk low gain. Insider tip: Some registrars like make it dead simple to enable DNSSEC for zones hosted with them.
Unlike DNSSEC, key pinning is a somewhat new-ish feature, and may not even be supported by all browsers. But while I think you would be hard pressed to find a recent breach that was caused by a site supporting SSLv3 (and we all turned that off, right?), there are multiple examples where certificate authorities issued certificates to the wrong party. If anything, our statistics about revoked certs sort of tell the story. But surveys find that less than 1% of sites implement key pinning. I think the issue is similar to DNSSEC: if you mess up, you take your site down, but there is at best a low perceived risk of actually becoming a victim of a fraudulent certificate. Also, while pretty much any audit tool flags SSLv3 as a big risk, key pinning isn't considered much of a risk at this point.
Ok, there are people that implement them, but I still see a lot of networks that don't. Most still see a firewall as a device that blocks inbound connections. Firewalls do that just fine, but the security improvement of inbound filtering is marginal if you only block ports that your server isn't listening on anyway. On the other hand, preventing a server from downloading a backdoor, or connecting to a command and control channel, can be huge. In reality, setting up good outbound filtering can be difficult. Web servers may need to connect to cloud-based web services, so IPs will change. Anti-malware tool updates are also often hosted on CDNs, making it difficult to sensibly control them.
Most people watch firewall logs very carefully. Unless you look just at your outbound logs, there is probably little interesting stuff that you will find in your firewall logs. Is it really important for you to know that a kid in China just ran nmap against your systems? On the other hand, DNS logs are full of interesting and actionable information, in particular if you are looking at your recursive name servers. You will find infected systems resolving C&C server host names, covert channels and all kinds of good stuff.
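As an added illustration (not part of the original diary), here is the kind of triage that can be run over recursive resolver query logs: the sample lines are constructed in BIND-style query log format, the C&C host name list is a hypothetical stand-in for a threat-intel feed, and the entropy/length thresholds are assumptions to tune for your own traffic.

```python
import math
import re
from collections import Counter

# Constructed sample lines in BIND-style query log format (not real traffic).
SAMPLE_LOG = """\
07-Apr-2016 10:15:22.101 client 10.1.2.10#53412: query: www.example.com IN A + (10.1.0.1)
07-Apr-2016 10:15:22.204 client 10.1.2.10#53413: query: cdn.example.net IN AAAA + (10.1.0.1)
07-Apr-2016 10:15:23.310 client 10.1.2.44#40001: query: c2-update.badexample.test IN A + (10.1.0.1)
07-Apr-2016 10:15:23.412 client 10.1.2.44#40002: query: 3fa9c1e7b2d4a6f08e1c.tunnel.badexample.test IN TXT + (10.1.0.1)
07-Apr-2016 10:15:23.515 client 10.1.2.44#40003: query: 9b2e7d1f4c8a0e6b3d5f.tunnel.badexample.test IN TXT + (10.1.0.1)
07-Apr-2016 10:15:24.002 client 10.1.2.10#53414: query: mail.example.com IN MX + (10.1.0.1)
"""

LINE_RE = re.compile(r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)")

# Hypothetical blocklist standing in for a real threat-intel feed of C&C host names.
C2_HOSTNAMES = {"c2-update.badexample.test"}

def shannon_entropy(text):
    """Bits of entropy per character; hex/base32 payload labels score well above words."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def looks_like_covert_channel(qname, min_len=16, min_entropy=3.5):
    # Data smuggled over DNS rides in the leftmost label: long and high-entropy.
    first = qname.split(".")[0]
    return len(first) >= min_len and shannon_entropy(first) >= min_entropy

def analyse(log_text):
    """Return {client_ip: [(reason, qname), ...]} for clients with suspicious lookups."""
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        client = m.group("client")
        qname = m.group("qname").lower().rstrip(".")
        if qname in C2_HOSTNAMES:
            findings.setdefault(client, []).append(("c2-lookup", qname))
        elif looks_like_covert_channel(qname):
            findings.setdefault(client, []).append(("covert-channel", qname))
    return findings

if __name__ == "__main__":
    for client, hits in analyse(SAMPLE_LOG).items():
        print(client)
        for reason, qname in hits:
            print(f"  {reason:15} {qname}")
```

The client IP in the findings is the internal host to investigate, which is exactly what a firewall log of the same traffic would not tell you.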
A user clicking on a link in an e-mail or opening an attachment is probably how 80% or more of recent breach reports start. But still, I hardly see anybody digitally signing e-mail. Sure, it's not absolute protection, but wouldn't it help if the mail server stripped attachments from e-mails that are not signed?
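To make the suggestion concrete, here is an added example (not from the original diary) of the gate a mail server could apply: it checks only that a message is wrapped in a multipart/signed container (S/MIME or PGP/MIME) and strips attachment parts from anything that is not; actually verifying the signature against the signer's certificate or key is a separate step this snippet does not perform. Both sample messages are constructed, with placeholder bodies.

```python
from email import message_from_string, policy

# Signature containers the structural check recognizes (S/MIME and PGP/MIME).
SIGNED_PROTOCOLS = {"application/pkcs7-signature", "application/pgp-signature"}

def is_signed(msg):
    # Structural check only: the outer part is multipart/signed with a known protocol.
    # Signature verification (keys, trust, revocation) happens elsewhere.
    proto = (msg.get_param("protocol") or "").lower()
    return msg.get_content_type() == "multipart/signed" and proto in SIGNED_PROTOCOLS

def strip_unsigned_attachments(msg):
    """Remove attachment parts from an unsigned message; return removed file names."""
    if is_signed(msg) or not msg.is_multipart():
        return []
    removed = []
    payload = msg.get_payload()          # the live list of sub-parts
    for part in list(msg.iter_attachments()):
        removed.append(part.get_filename())
        payload.remove(part)
    return removed

def parse(raw):
    return message_from_string(raw, policy=policy.default)

# Constructed sample: unsigned multipart/mixed mail carrying one attachment.
UNSIGNED_RAW = """\
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="mix"

--mix
Content-Type: text/plain

Please see the attached invoice.
--mix
Content-Type: application/pdf; name="invoice.pdf"
Content-Disposition: attachment; filename="invoice.pdf"

PDF-PLACEHOLDER
--mix--
"""

# Constructed sample: S/MIME-style multipart/signed wrapper with a placeholder signature.
SIGNED_RAW = """\
Subject: Signed notice
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="sig"

--sig
Content-Type: text/plain

Signed body, no attachment.
--sig
Content-Type: application/pkcs7-signature; name="smime.p7s"

SIGNATURE-PLACEHOLDER
--sig--
"""
```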
Anything else? I considered using an IDS properly, not reusing passwords, as other topics to talk about.
API Server Security Leaves a Lot to Be Desired
Data shows that only 30 percent of APIs are planned out without input from the security team, 27 percent go through the development phase without contribution from infosec professionals, and 21 percent of all APIs reach production environments without ...
by Sean Gallagher
MedStar, the health network of 10 Maryland hospitals struck by a ransomware attack last week, has now reportedly brought all its systems back online without paying the attackers. But a MedStar spokesperson denied reports that the attack was made possible because the health provider's IT department failed to apply fixes that had been issued years ago. Ars will publish an in-depth analysis of the techniques used by the Samsam ransomware attackers this Friday.
Tami Abdollah of the Associated Press reported Tuesday that an anonymous source "familiar with the investigation" of the cyberattack claimed that the flaws that allowed attackers to compromise a JBoss Web application server and attack the network with Samsam crypto-ransomware had been highlighted in security warnings from JBoss maintainer Red Hat, the US government and others in February 2007, March 2010, and again this month.
MedStar denies that the earlier warnings—including one issued as a security advisory by Red Hat in April 2010—had anything to do with the attack, according to the findings of a response team from Symantec. "News reports circulating about the malware attack on MedStar Health’s IT system are incorrect," a MedStar spokesperson said in a statement. "Our partner Symantec, a global leader in cybersecurity, has been on the ground from the start of the situation and has been conducting a thorough forensic analysis, as they have done for many other leading companies around the world. In reference to the attack at MedStar, Symantec said, 'The 2007 and 2010 fixes referenced in the article were not contributing factors in this event.'"
LockPath Achieves ISO 27001 Certification
Marketwired (press release)
OVERLAND PARK, KS--(Marketwired - April 07, 2016) - LockPath, a leading provider of governance, risk management and compliance (GRC) solutions, has achieved the ISO 27001 certification, an internationally recognized information security standard ...
SANS to Provide Online Access to New ICS Security Training
PR Newswire (press release)
BETHESDA, Md., April 6, 2016 /PRNewswire-USNewswire/ -- SANS Institute, the global leader in information security training, today announced its ICS515: ICS Active Defense and Incident Response is now available OnDemand. This popular course ...
Colombo security conference begins with eyes on BB heist
Prothom Alo (English)
An initiative of the Indian Infosec Consortium, Ground Zero Summit is the largest collaborative platform in Asia for cyber security experts and researchers to address emerging cyber security challenges and demonstrate cutting-edge technologies. It was ...